mommasteph

HELP! New user....


I just downloaded and used the free version for the first time. It found 91 things including Trojans (Vundo variant) and one of unknown origin off the top of my head (question: can I look at the files in the manage quarantine?)...

This is after I ran Norton 360 yesterday, which found Vundo. Then I ran Adaware, which also found Trojans. Malwarebytes was unable to get updates, but after I ran Adaware that cleared up and it's scanning now.

My problem:

When I go to Google and search, the results seem to be hijacked. For example, if I were to search Superantispyware, I know the address should be superantispyware.com....BUT the results show the correct snapshot of the site, but the green addy will say www.hotjobs.com, or some other crappy ad site??? This is true for the next 10 etc. Google search results.

HELP! I've scanned this computer with a zillion things, why can't I get this off of my machine? And what is it?


Here is the summary if that helps at all...

I removed the cookies 'cause they have my name...

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 02/02/2009 at 10:39 PM

Application Version : 4.25.1012

Core Rules Database Version : 3741

Trace Rules Database Version: 1709

Scan type : Complete Scan

Total Scan Time : 01:45:14

Memory items scanned : 533

Memory threats detected : 0

Registry items scanned : 6036

Registry threats detected : 10

File items scanned : 76683

File threats detected : 81

Adware.Vundo Variant

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}

Rogue.Component/Trace

HKLM\Software\Microsoft\206790AC

HKLM\Software\Microsoft\206790AC#206790ac

HKLM\Software\Microsoft\206790AC#Version

HKLM\Software\Microsoft\206790AC#20673d2c

HKLM\Software\Microsoft\206790AC#206754c9

HKU\S-1-5-21-4246250600-2457638980-4133488417-1007\Software\Microsoft\FIAS4018

Rogue.RapidAntivirus

HKU\.DEFAULT\Software\Rapid Antivirus

HKU\S-1-5-18\Software\Rapid Antivirus

Application.PowerReg Scheduler

C:\DOCUMENTS AND SETTINGS\MATTHEW \START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE

Adware.k8l

C:\PROGRAM FILES\MSN\ZYSOLAHD.HTML

Trojan.Unknown Origin

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPLICATION DATA\1D759F61157C5982

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPLICATION DATA\A71F762714EEF91B

C:\WINDOWS\SYSTEM32\WINTSVCC32.EXE

Adware.Vundo Variant/Rel

C:\WINDOWS\SYSTEM32\IJKKJ.INI

Trojan.Downloader-Gen

C:\WINDOWS\SYSTEM32\WINPFZ32.SYS


I've read about the 7.7.7.0 problem other places (I sent a PM with the details I can find)...

How would it get hijacked? This just suddenly started yesterday and coincidentally I also have a zillion viruses? It seems more likely to be malware...

As you can tell I'm not too savvy when it comes to this stuff....;) I'd appreciate any help you can give...


I've been researching this a lot, and Kaspersky seems to have definitions for this: Named it rootkit.win32.agent.fwt

So, I guess I'll go download that, and see if I can get rid of this malware....
